LISTSERV - HP3000-L Archives

HP3000-L Archives

July 2002, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L July 2002, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: What SSH and FTP packages are available to perform FTP on HP- UX Unix to Unix and Windows securely?, pcumming
From:	[log in to unmask]
Reply To:	[log in to unmask][log in to unmask]] On Behalf Of Michael Berkowitz Sent: Thursday, July 25, 2002 8:41 AM To: [log in to unmask] Subject: Re: [HP3000-L] Gibberish Messages39_25Jul200209:18:[log in to unmask]
Date:	Wed, 24 Jul 2002 11:24:27 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (44 lines)

>  What SSH and FTP packages are available to perform FTP on HP-UX Unix
> to Unix and Windows securely?, pcumming
Unix comes with ssh, and you can get it for Windows. There are also scp
packages available for both. Patrick Santucci recently asked about this very
thing. Maybe he can shed some light on what he learned.

> 1. We would like to provide our customers with a client piece of
> software so that they can log on securely (password not in clear text)
ssh and scp allow for that.

> Note: Some of our customers are running Unix and some Windows.
You could cheat, and run SAMBA for your Windows customers. It wouldn't be
pretty, but it would work. SAMBA can support encrypted passwords.

> We would like some support from a vendor on anything we do.
But no vendor support on SAMBA. There are RFCs for securing FTP, and vendors
working on a secured ftp. I * think * that btrade has a TLS ftp product.
Searching google on TLS ftp yields 50,000 hits. Try
http://www.columbia.edu/kermit/ftpd.html for a page of references. It has
links to an implementation of proftpd, which offers different methods of
authenticating, http://www.proftpd.org/docs/faq/linked/faq-ch7.html.
Bleeding edge. While they do not mention Windows, I believe that there are
Windows clients available that will so authenticate. The columbia.edu site
ends with "For Windows users we can recommend WFTPD Pro
http://www.wftpd.com/ which has support for SSL/TLS beginning with version
3.10".

> Ideally some verification via self generated certificates would be
> helpful but perhaps not do-able or 100% necessary as long as their is
> encryption.
PGP would allow for encryption, but does not solve the password problem. Not
necessarily a bad idea to do both.

> We do not want to add a Windows box due to cost of our
> outsourcer charging us for this.
If their costs are outrageous, next time the contract is up, maybe this
should be a consideration.

Greg Stigers
http://www.cgiusa.com

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU